Hello,
I’m a newbie at setting up the servers but I am trying to password the root directory of a development server so that anyone who tries to access the site has to use a password.
I keep getting a 403 forbidden error when trying to access the /secretdirectory/ folder. I created a info.php file to test and have the same results.

I have two questions.

1. Where is the .htpasswd file stored for each user?
2. What do I need to change in the code to protect the root directory?

1. If you used the same htpasswd command from the article (htpasswd -bc /var/www/yourdomain.com/.htpasswd) then the file is located in /var/www/yourdomain.com/.

2. You should check your domain log files and see why you are getting 403 forbidden. 403 Forbidden is technically not an error but a HTTP status code. 403 response headers are intentionally returned in many cases such as –
User is blocked from requesting that page/resource or the site as a whole.
User tries to access a directory but autoindex is set to off.
User tries to access a file that can be only accessed internally.
Also, what code are you referring to?

So I setup the server on CentOS 7 and followed a guide on installing Nginx. Since the default nginx html folder is in ‘/usr/share/nginx/html’ I created the .htpasswd file there but I am not seeing it via SSH nor FileZilla.

The code I was referring to is the code that goes in the sites configuration file, which if I placed it correctly, goes in ‘/etc/nginx/conf.d/default.conf’

Hello,
Thanks for the tutorial but i have a problem
When i enter domain . com/admin/ is asking me for a password (so far so good)
When i enter domain . com/admin/admin.php you can enter with no password!